The Real Message Of GDPR Rules

It’s doubtful anyone with an email address isn’t aware that something called GDPR took effect on May 25. Dozens of emails asking you to reconfirm your interest or status or preferences flooded inboxes in the weeks and days ahead of the deadline.

The General Data Protection Regulation was adopted by the European Union in 2016, updating an earlier data privacy and protection directive. (See tinyurl.com/ReadyforGDPR-BE) Although it doesn’t directly affect many organizations that don’t have dealings with European customers, its impact is wide. Indeed, there are many who believe that it points the way to the future of how personal data will be handled and, importantly, monetized.

Capgemini, the consulting and technology firm, conducted a large survey on the subject that drew headlines when it was released in May, because it found 85% of organizations surveyed would not be ready to meet the deadline. However, the report was entitled Seizing the GDPR Advantage, and focused, in large measure, on the significance and opportunity that data protection presents for companies that embrace it. It also pointed out the pitfalls of not taking it seriously.

The GDPR sanctions for noncompliance are stiff, but a bigger negative could be loss of consumers’ trust, especially those who are “data-savvy activists”—comprising 22% of the population, according to the Capgemini survey.

Nothing like this before

Capgemini Executive Vice-President of Capital Markets and Banking Sankar Krishnan says about the GDPR regime: “There’s really been nothing like this before. It encompasses everything, and the rules just say be ‘reasonably compliant.’”

He believes that most organizations have good controls regarding data protection, but that the challenge is to address protection of virtually every piece of data that exists in the cloud, with vendors, in cookies, etc., in the same manner as is done with Social Security numbers, or even better than that.

“Perfunctory” misses a lot

In its report, Capgemini states: “We look beyond the compliance side of GDPR and uncover the latent opportunity that can help organizations gain individuals’ trust and competitive advantage.” It points out the pitfalls of treating GDPR simply as a regulatory exercise. Even so, the firm found that half the organizations surveyed are taking “a perfunctory approach” to the new data protection regime.

In surveying 6,000 consumers across seven European countries, Capgemini backed up its belief that GDPR is an opportunity. The report states, for example, that “When consumers are convinced an organization is protecting their personal data”:

• Nearly half—49%—would share their positive experiences with their friends and family.

• 40% have transacted more frequently with the organization.

• 39% have purchased more products.

• 39% have increased spending—as much as 24% more.

The flip side, however, is that customers will take action if they perceive you are not treating their data securely. As depicted in the infographic below, 57% of the surveyed consumers will take some action when they find a bank or other company they are dealing with is not ensuring the protection of their data. The actions can include “porting” data or erasing it or simply stopping doing business with the company.

Toward a better data world

The issue of data protection and privacy is now front and center thanks to numerous data breaches, Facebook headlines, and the general knowledge that with digital technology, much of peoples’ lives is being captured and stored and used by many organizations. Even the term “dark web” has become common parlance.

Given all that, consumers are increasingly saying: “I’m going to go with institutions I trust,” says Krishnan.

Krishnan strongly believes that GDPR over time will help make the world a better place given the many threats to data security and privacy. He gives credit to the European Union for pushing the regulatory framework forward. Over time, he maintains, “it will make a lot of us feel better.”

During the briefing, Comptroller Joseph Otting pointed out that estimates say that the need for short-term, small-dollar loans—$300-$5,000—is around $90 billion annually, frequently for emergency needs like auto repair.

“Often, people are frozen out of the ability to do that,” Otting told reporters, “due to historical job patterns or credit-related issues.” Otting believes consumers should have more choice in this area and that banks should be a greater part of that choice.

“Helping people get back into mainstream banking and get off of high-cost financial services like check-cashing and payday lending” is the intent behind OCC’s actions, he said. He said estimates are that 25 million to 50 million consumers would benefit if banks returned to short-term, small-dollar lending.

Officials stressed that banks would still be expected to offer such credit in a safe and sound manner, and the bulletin itself urges institutions to discuss new programs with examiners or other OCC officials prior to launching them.

The new OCC bulletin is not a new regulation or rule—officials didn’t feel one was needed, only a sign that the agency approved of the activity under existing standards. Otting said that a frequent complaint he’s heard since taking office was that national banks were not providing credit to consumers with FICO scores of below 680.

Nerdwallet noted recently that three of the top five banks don’t offer personal loans anymore and that marketplace lenders were among the sources that have filled the gap.

The bulletin covers loans of greater than 45 days. OCC has been in discussions with the Consumer Financial Protection Bureau concerning loans of a shorter duration. The bureau is reconsidering the payday lending rule that it issued earlier.

Otting told reporters he favors banks entering competition with payday lenders and similar creditors to “make new products available” to borrowers currently relying on such measures.

A longer version of this article appears online, tinyurl.com/MakeSmallLoansBE

Culture: What you expect, what you accept By Ed O’Leary, contributing editor

Enjoy talking to my middle-aged kids about their workplace experiences. The other day, for example, my clergyman son told me: “Culture is a combination of what you expect and what you accept.”

That’s a good description of how cultures develop and become “baked into” the enterprise. One very useful thing about culture is its ability to sustain and reinforce certain types of attitudes and behaviors.

Personal behaviors are a fertile source of terminations for bankers, probably exceeding professional competence. This is why banks feel they need code of conduct statements so employees have a clear sense of acceptable behaviors. Most of us think about conflicts of interest as the focus of these statements, but they have become much broader than that.

The simplest code of conduct statement I ever saw began with the declaration that the company “shall tolerate no employee behavior that causes embarrassment to the bank.” There were some specific examples of the range of what that simple principle meant. I have wondered why others have not picked up on the simplicity and clarity of that declaration.

It’s a good time to look at our human resource policies and “square” them with an honest assessment of our culture. You should give that some thought now, as you will probably be challenged in this area before long.

The mistake we frequently make is assuming that employee behaviors are a consistently accurate reflection of our policies. Yet, as my son instructs, culture is the sum total of the behaviors we accept. Any infraction of an internal credit control that gets the occasional wink or nod is undermining the credit culture of the bank. Yet we often look the other way because the matter seems trivial.